package cn.wolfcode.rbac.shiro;

import cn.wolfcode.rbac.domain.Employee;
import cn.wolfcode.rbac.domain.Permission;
import cn.wolfcode.rbac.domain.Role;
import cn.wolfcode.rbac.mapper.EmployeeMapper;
//import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import java.util.LinkedList;
import java.util.List;

@Component("crmRealm")
//@Slf4j
public class CRMRealm extends AuthorizingRealm {

    @Autowired
    private EmployeeMapper employeeMapper;

    //提供授权相关信息
    @Override

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        Subject subject = SecurityUtils.getSubject();
        Employee employee = (Employee) subject.getPrincipal();
        if (employee != null) {
            SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
            List<String> roles = new LinkedList<>();
            List<String> perms = new LinkedList<>();
            for (Role role : employee.getRoles()) {
                roles.add(role.getName());
            }
            for (Permission perm : employee.getPermissions()) {
                perms.add(perm.getExpression());
            }
            simpleAuthorizationInfo.addRoles(roles);
            simpleAuthorizationInfo.addStringPermissions(perms);
            return simpleAuthorizationInfo;
        }
        return null;
    }

    //用来认证的
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //获取到登录用户从token中，拿到令牌
        Object principal = authenticationToken.getPrincipal();
        /*String username = "admin";
        String password = "1";*/
        Long id = employeeMapper.checkedName((String) principal);
        Employee employee = employeeMapper.selectByPrimaryKey(id);
        if (employee != null) {
            //return new SimpleAuthenticationInfo(employee.getName(),employee.getPassword(),"crmRealm");
            //加盐后：
            return new SimpleAuthenticationInfo(employee.getName(), employee.getPassword(), ByteSource.Util.bytes(employee.getName()), "crmRealm");
        }
        return null;
        /*if (principal.equals(username)){
            return new SimpleAuthenticationInfo(username,password,"crmRealm");
        }
        return null;*/
    }

    //登出
    @Override
    public void onLogout(PrincipalCollection principals) {
        super.onLogout(principals);
    }

    @Autowired
    public void setCredentialsMatcher(CredentialsMatcher credentialsMatcher) {
        super.setCredentialsMatcher(credentialsMatcher);
    }
}
